MI-X - Determine whether your compute is truly vulnerable to a specific vulnerability
https://ift.tt/Ii4v85V
Submitted November 04, 2022 at 12:24PM by boutnaru
via reddit https://ift.tt/Kjku6qP
https://ift.tt/Ii4v85V
Submitted November 04, 2022 at 12:24PM by boutnaru
via reddit https://ift.tt/Kjku6qP
GitHub
GitHub - Rezilion/mi-x: Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors…
Determine whether your compute is truly vulnerable to a specific vulnerability by accounting for all factors which affect *actual* exploitability (runtime execution, configuration, permissions, exi...
Reverse Branch Target Buffer Poisoning - new ASLR bypass technique using CPU vulnerabilities [PDF]
https://ift.tt/FT5QCRV
Submitted November 04, 2022 at 01:11PM by Gallus
via reddit https://ift.tt/4Y73XT0
https://ift.tt/FT5QCRV
Submitted November 04, 2022 at 01:11PM by Gallus
via reddit https://ift.tt/4Y73XT0
The Android Malware's Journey: From Google Play to banking fraud | Cleafy Labs
https://ift.tt/HsI4Chy
Submitted November 04, 2022 at 07:07PM by f3d_0x0
via reddit https://ift.tt/dznexTj
https://ift.tt/HsI4Chy
Submitted November 04, 2022 at 07:07PM by f3d_0x0
via reddit https://ift.tt/dznexTj
Cleafy
The Android Malware’s Journey: From Google Play to banking fraud | Cleafy Labs
The threat intelligence team of Cleafy analyzed the Android Malware Vultur and its journey from Google Play to banking fraud. Read here the technical analysis.
HRDevHelper - Decompiler Plugin for Hex-Rays by Dennis Elser
https://ift.tt/opTJkz9
Submitted November 05, 2022 at 06:03AM by Gallus
via reddit https://ift.tt/9oUCV7x
https://ift.tt/opTJkz9
Submitted November 05, 2022 at 06:03AM by Gallus
via reddit https://ift.tt/9oUCV7x
AWS Organizations Defaults - Hacking The Cloud
https://ift.tt/a4PzHNM
Submitted November 05, 2022 at 05:52AM by RedTermSession
via reddit https://ift.tt/Xfcv0UK
https://ift.tt/a4PzHNM
Submitted November 05, 2022 at 05:52AM by RedTermSession
via reddit https://ift.tt/Xfcv0UK
hackingthe.cloud
AWS Organizations Defaults - Hacking The Cloud
AWS Organizations is a common service to run into in AWS environments. It's default behavior can make it a target for attackers.
ThinkstScapes Quarterly | 2022.Q3 | Summary of a lot of conference talks
https://thinkst.com/ts
Submitted November 07, 2022 at 03:11AM by ffyns
via reddit https://ift.tt/apozVB0
https://thinkst.com/ts
Submitted November 07, 2022 at 03:11AM by ffyns
via reddit https://ift.tt/apozVB0
Thinkst
ThinkstScapes
Keeping up with security research is near impossible. ThinkstScapes helps with this. We scour through thousands of blog posts, tweets and conference proceedings to give you an overview of the work we think significantly moves the needle.
drgn - a debugger with an emphasis on programmability
https://ift.tt/bowKV34
Submitted November 07, 2022 at 08:35AM by Gallus
via reddit https://ift.tt/odNbkiJ
https://ift.tt/bowKV34
Submitted November 07, 2022 at 08:35AM by Gallus
via reddit https://ift.tt/odNbkiJ
GitHub
GitHub - osandov/drgn: Programmable debugger
Programmable debugger. Contribute to osandov/drgn development by creating an account on GitHub.
Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
https://ift.tt/x3OQJiz
Submitted November 07, 2022 at 11:26AM by louis11
via reddit https://ift.tt/4HXatdw
https://ift.tt/x3OQJiz
Submitted November 07, 2022 at 11:26AM by louis11
via reddit https://ift.tt/4HXatdw
blog.phylum.io
Malicious Python Packages Replace Crypto Addresses in Developer Clipboards
Phylum uncovers a new campaign targeting Python developers. Malware authors surreptitiously replace cryptocurrency addresses in developer clipboards.
Awesome CISO Maturity Models
https://ift.tt/vsLncbt
Submitted November 07, 2022 at 11:42PM by hipver
via reddit https://ift.tt/tPH30TR
https://ift.tt/vsLncbt
Submitted November 07, 2022 at 11:42PM by hipver
via reddit https://ift.tt/tPH30TR
GitHub
GitHub - TalEliyahu/awesome-CISO-maturity-models: Maturity models help integrate traditionally separate organizational functions…
Maturity models help integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide benchmark for appra...
Substation: data pipeline and transformation toolkit for security teams
https://ift.tt/JxdvleD
Submitted November 07, 2022 at 09:06PM by jshlbrd-brex
via reddit https://ift.tt/Rl15Scr
https://ift.tt/JxdvleD
Submitted November 07, 2022 at 09:06PM by jshlbrd-brex
via reddit https://ift.tt/Rl15Scr
GitHub
GitHub - brexhq/substation: Substation is a toolkit for routing, normalizing, and enriching security event and audit logs.
Substation is a toolkit for routing, normalizing, and enriching security event and audit logs. - brexhq/substation
We’re Christian Mouchet, Jean-Philippe Bossuat, Kurt Rohloff, Nigel Smart, Pascal Paillier, Rand Hindi, Wonkyung Jung, various researchers and library developers of homomorphic encryption to answer questions about homomorphic encryption and why it’s important for the future of data privacy! AMA
https://ift.tt/wCZUocq
Submitted November 08, 2022 at 06:17AM by carrotcypher
via reddit https://ift.tt/gzFN35a
https://ift.tt/wCZUocq
Submitted November 08, 2022 at 06:17AM by carrotcypher
via reddit https://ift.tt/gzFN35a
Reddit
r/privacy on Reddit: We’re Christian Mouchet, Jean-Philippe Bossuat, Kurt Rohloff, Nigel Smart, Pascal Paillier, Rand Hindi, Wonkyung…
Posted by u/carrotcypher - 372 votes and 241 comments
DefCon 30: Exploitation in the era of formal verification [video]
https://www.youtube.com/watch?v=TcIaZ9LW1WE
Submitted November 08, 2022 at 10:51AM by Adam_pi3
via reddit https://ift.tt/7MLmV0y
https://www.youtube.com/watch?v=TcIaZ9LW1WE
Submitted November 08, 2022 at 10:51AM by Adam_pi3
via reddit https://ift.tt/7MLmV0y
YouTube
DEF CON 30 - Adam Zabrocki, Alex Tereshkin - Exploitation in the era of Formal Verification
For decades, software vulnerabilities have remained an unsolvable security problem regardless of years of investment in various mitigations, hardening and fuzzing strategies. In the last years there have been moves to formal methods as a path toward better…
Shennina Framework - Automating Host Exploitation with AI
https://ift.tt/q2UX1lv
Submitted November 08, 2022 at 02:42PM by mazen160
via reddit https://ift.tt/PhEcFwe
https://ift.tt/q2UX1lv
Submitted November 08, 2022 at 02:42PM by mazen160
via reddit https://ift.tt/PhEcFwe
Mazin Ahmed
Shennina Framework - Automating Host Exploitation with AI
Shennina Framework - Automating Host Exploitation with AI.
We sign code now | Trail of Bits Blog
https://ift.tt/v4bUZOH
Submitted November 08, 2022 at 06:42PM by D4r1
via reddit https://ift.tt/itR5rJu
https://ift.tt/v4bUZOH
Submitted November 08, 2022 at 06:42PM by D4r1
via reddit https://ift.tt/itR5rJu
The Trail of Bits Blog
We sign code now
Sigstore announced the general availability of its free and ecosystem-agnostic software signing service two weeks ago, giving developers a way to sign, verify and protect their software projects and the dependencies they rely on. Trail of Bits is absolutely…
Jit-Picking: Differential Fuzzing of JavaScript Engines [PDF]
https://ift.tt/KuArbdB
Submitted November 08, 2022 at 08:25PM by Gallus
via reddit https://ift.tt/PzxNWB7
https://ift.tt/KuArbdB
Submitted November 08, 2022 at 08:25PM by Gallus
via reddit https://ift.tt/PzxNWB7
New updated IceXLoader claims thousands of victims around the world
https://ift.tt/TF720oe
Submitted November 08, 2022 at 08:04PM by woja111
via reddit https://ift.tt/kLjKVc9
https://ift.tt/TF720oe
Submitted November 08, 2022 at 08:04PM by woja111
via reddit https://ift.tt/kLjKVc9
Minerva Labs
New updated IceXLoader claims thousands of victims around the world - Minerva Labs
This commercial malware is used to download and deploy additional malware and ransomware on infected machines. We analyzed the latest version
#ShortAndMalicious: StrelaStealer aims for mail credentials
https://ift.tt/6BZviQy
Submitted November 08, 2022 at 07:52PM by OwnPreparation3424
via reddit https://ift.tt/BjDdZQ7
https://ift.tt/6BZviQy
Submitted November 08, 2022 at 07:52PM by OwnPreparation3424
via reddit https://ift.tt/BjDdZQ7
Medium
#ShortAndMalicious: StrelaStealer aims for mail credentials
Quick look at a new stealer utilizing polyglot files
Research on Flow Computers Used in Oil and Gas
https://ift.tt/pwYiejN
Submitted November 08, 2022 at 10:30PM by derp6996
via reddit https://ift.tt/9v1y3xW
https://ift.tt/pwYiejN
Submitted November 08, 2022 at 10:30PM by derp6996
via reddit https://ift.tt/9v1y3xW
Claroty
An Oil and Gas Weak Spot: Flow Computers
How to deal with ransomware on Azure
https://ift.tt/N7DuT41
Submitted November 08, 2022 at 11:08PM by MiguelHzBz
via reddit https://ift.tt/ziESCYV
https://ift.tt/N7DuT41
Submitted November 08, 2022 at 11:08PM by MiguelHzBz
via reddit https://ift.tt/ziESCYV
Sysdig
How to deal with ransomware on Azure – Sysdig
Dig deeper into the techniques used by attackers and the mitigations you should implement when ransomware on Azure affects you.
SimpleX Chat: security assessment by Trail of Bits and v4.2 released
https://ift.tt/4mkz87H
Submitted November 08, 2022 at 11:58PM by epoberezkin
via reddit https://ift.tt/CfMkvY9
https://ift.tt/4mkz87H
Submitted November 08, 2022 at 11:58PM by epoberezkin
via reddit https://ift.tt/CfMkvY9
simplex.chat
Security assessment by Trail of Bits, the new website and v4.2 released
SpyGuard:: a forked and enhanced version of TinyCheck. The main objective is to detect signs of compromise by monitoring network flows transmitted by a device.
https://ift.tt/BZv16ST
Submitted November 08, 2022 at 10:49PM by lugh
via reddit https://ift.tt/jPeFum2
https://ift.tt/BZv16ST
Submitted November 08, 2022 at 10:49PM by lugh
via reddit https://ift.tt/jPeFum2
GitHub
GitHub - SpyGuard/SpyGuard: SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs…
SpyGuard is a forked and enhanced version of TinyCheck. SpyGuard's main objective is to detect signs of compromise by monitoring network flows transmitted by a device. - SpyGuard/SpyGuard